A community’s emergency management team is almost always ready to respond to a natural disaster — but does that type of capability translate to cyber attacks? A new group in Ohio is aiming to ensure it does.
The group, called the Cybersecurity Work Group, evolved out of a partnership between government and private businesses in Franklin County, Ohio, that aimed to share expertise and improve readiness in that part of the state in the event of a cyber terrorism attack. The group was initially funded by a $160,000 federal Homeland Security grant.
Featuring a mix of politicians, police, business leaders and other community members invited by the county’s Emergency Management and Homeland Security agency, the group produced a blueprint for statewide communities to use when faced with a cyber emergency.
The report, which included strategies for state agencies that are confronted with technological crises like deliberately downed telecommunications or natural disasters that destroy the technologies the public rely on daily, was also sent to the Ohio Emergency Management Agency.
“It’s kind of a template,” said Patrick Sheehan, the EMA’s operations officer, in a Columbus Dispatch article. The report “gives a path for them to follow.”
The agency is currently reviewing the report. When the review is complete, the agency will send the it to the 87 other counties in the state.
According to Sheehan, the guide walks county representatives through the steps to build lines of communication between public agencies and private businesses. It also helps communities identify and classify different types of cyber emergencies. According to Michael Pannell, the director of Franklin County’s emergency management agency, taking the emergency management approach to cyber is tough due to the sometimes-unknown nature of cyber attacks.
While damage from a tornado is immediately obvious, county officials might not recognize a developing cyber threat due to inexperience, or a failure to communicate with the private sector to share information or best practices for detecting an attack.
“Information systems, which sustain everything from our financial institutions to the electric grid, are exposed to a growing threat from natural disasters, terrorists, organized crime and foreign governments,” Pannell told the Columbus Dispatch. “This guide provides communities with an appropriate starting point for discussion of cybersecurity preparedness.”
Similar groups have started popping up in other states. In Virginia, Gov. Terry McAuliffe created an Information Sharing and Analysis Organization in response to President Barack Obama’s executive order that encouraged states to form cybersecurity groups.